UNCLASSIFIED - NO CUI

Skip to content

chore(findings): opensource/r/r-base

Summary

opensource/r/r-base has 57 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-44638 Twistlock CVE Medium pixman-0.38.4-2.el8
CVE-2021-3114 Twistlock CVE Medium cpp-8.5.0-15.el8
CVE-2021-3826 Twistlock CVE Low libgfortran-8.5.0-15.el8
CVE-2021-3826 Twistlock CVE Low libquadmath-devel-8.5.0-15.el8
CVE-2021-3826 Twistlock CVE Low libgomp-8.5.0-15.el8
CVE-2021-3826 Twistlock CVE Low libstdc++-devel-8.5.0-15.el8
CVE-2021-3826 Twistlock CVE Low cpp-8.5.0-15.el8
CVE-2021-3826 Twistlock CVE Low libquadmath-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low libstdc++-devel-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low gcc-gfortran-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low libgfortran-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low libgomp-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low gcc-c++-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low libquadmath-devel-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low cpp-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low libquadmath-8.5.0-15.el8
CVE-2021-46195 Twistlock CVE Low gcc-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low gcc-gfortran-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low libgfortran-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low cpp-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low gcc-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low libquadmath-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low libgomp-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low gcc-c++-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low libquadmath-devel-8.5.0-15.el8
CVE-2019-14250 Twistlock CVE Low libstdc++-devel-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low cpp-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low libgfortran-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low libgomp-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low libstdc++-devel-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low gcc-gfortran-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low libquadmath-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low libquadmath-devel-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low gcc-c++-8.5.0-15.el8
CVE-2018-20657 Twistlock CVE Low gcc-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low libquadmath-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low libgfortran-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low cpp-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low libgomp-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low gcc-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low libstdc++-devel-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low gcc-c++-8.5.0-15.el8
CVE-2022-27405 Anchore CVE Medium freetype-2.9.1-9.el8
CVE-2022-27943 Anchore CVE Low gcc-gfortran-8.5.0-15.el8
CVE-2022-27943 Anchore CVE Low libquadmath-devel-8.5.0-15.el8
CVE-2022-3555 Anchore CVE Low libX11-1.6.8-5.el8
CVE-2022-3554 Anchore CVE Medium libX11-1.6.8-5.el8
CVE-2022-27406 Anchore CVE Medium freetype-2.9.1-9.el8
CVE-2022-44638 Anchore CVE Medium pixman-0.38.4-2.el8
CVE-2022-27404 Anchore CVE Medium freetype-2.9.1-9.el8
CVE-2022-3857 Twistlock CVE Low libpng-1.6.34-5.el8
CVE-2022-42898 Twistlock CVE Critical krb5-libs-1.18.2-21.el8
CVE-2022-3570 Twistlock CVE Critical libtiff-4.0.9-23.el8
CVE-2022-3626 Twistlock CVE Medium libtiff-4.0.9-23.el8
CVE-2022-3599 Twistlock CVE Medium libtiff-4.0.9-23.el8
CVE-2022-3598 Twistlock CVE Medium libtiff-4.0.9-23.el8
CVE-2022-3597 Twistlock CVE Medium libtiff-4.0.9-23.el8

VAT: https://vat.dso.mil/vat/image?imageName=opensource/r/r-base&tag=4.2.2&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/r/r-base/-/jobs/15575399

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Abel Cervantes
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI